Vulnerabilities > Splunk

DATE CVE VULNERABILITY TITLE RISK
2014-04-02 CVE-2014-2578 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
splunk CWE-79
4.3
2014-01-23 CVE-2012-6447 Cross-Site Scripting vulnerability in Splunk 5.0/5.0.1/5.0.2
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
splunk CWE-79
4.3
2013-11-25 CVE-2013-6870 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
splunk CWE-79
4.3
2013-04-10 CVE-2013-2766 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
splunk CWE-79
4.3
2012-08-17 CVE-2012-1908 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
splunk CWE-79
4.3
2012-01-03 CVE-2011-4778 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.
network
splunk CWE-79
4.3
2012-01-03 CVE-2011-4644 Improper Authentication vulnerability in Splunk
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
network
splunk CWE-287
critical
9.3
2012-01-03 CVE-2011-4643 Path Traversal vulnerability in Splunk
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a ..
network
low complexity
splunk CWE-22
4.0
2012-01-03 CVE-2011-4642 Cross-Site Request Forgery (CSRF) vulnerability in Splunk
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
network
high complexity
splunk CWE-352
4.6
2010-09-14 CVE-2010-3323 Unspecified vulnerability in Splunk
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
network
high complexity
splunk
4.6